Certification Authority Rating And Trust (CARAT) published the ''CARAT Guidelines'' subtitled Guidelines for Constructing Policies Governing the Use of Identity-Based Public Key Certificates dated 2000-01-14.

Guidelines that are intended to help organizations create closed, but interoperable Public Key Infrastructures (PKIs) that can be used to facilitate pilot projects employing public key technology.

Such organizations, called Policy Authorities in this document, can use the Guidelines to analyze their particular needs and to construct a PKI that will meet those needs. One important product of that analysis is likely to be a Certificate Policy, which may be thought of as a charter for a particular PKI.

A Certificate Policy defines who the parties are, the relationships and obligations of the parties to one another, and what uses are acceptable within the PKI. The last part of these Guidelines includes high level drafting instructions for Certificate Policy writers. The Guidelines suggest that Policy Authorities use contracts to make the provisions of a Certificate Policy legally binding among the parties